by David Strom
Instant Messaging (IM) has come of age and is close to becoming one of those protocols that offers something for everyone. Once the province of chatty teens looking to replace phone conversations with electronic ones, IM is now a corporate mainstay and part of a new breed of applications that are built around “presence detection,” the ability to determine when someone—or something—is online and available to communicate.
Indeed, IM is rapidly spreading across the corporate world and becoming an able replacement for overflowing voicemail and e-mail inboxes that are clogged with spam and buried in irrelevant and non-time-sensitive postings. If you must get through to a busy corporate executive, IM is becoming the fastest and most effective method of communicating. Move over CrackBerry.
IM offers several benefits today, having taken some lessons learned by other Internet protocols of the past. First, it has a solid user and developer base. Second, it has a relatively simple building-block structure like the best of Internet protocols, with well-defined clients and servers. Third, interoperability efforts are beginning to pay off among the leading independent and private IM systems. Fourth, open-source rules are making inroads in all the right places. Fifth, Microsoft is a friend (for once) of IM and helping matters—rather than playing its usual monopolist role in this space, the company is actually encouraging future developments and interoperability. Finally, a new collection of advanced applications is taking hold that will take advantage of the existing Internet and IM infrastructure and create some very sophisticated IM applications.
Let’s examine more closely where IM originated, where it is going, and what the specific implications are for each of these developments and for networking professionals. As a warning, this article by its very nature takes some positions on products and vendors. These opinions are solely those of the author, and they represent nothing wider or more inclusive.
The IM servers are operated by either public network or private entities. The major difference between the two is that the public systems operate across the Internet and can be accessed by any users who download the appropriate client software and create their own identity. Message traffic is usually transmitted in plaintext and without any encryption whatsoever.
The private IM systems are usually maintained by a corporate IT department and operate behind firewalls; they offer message encryption, message retention, and archiving; prepopulated buddy lists that are integrated into the corporate authentication and directory servers; and better security and privacy that are specific to a particular set of corporate users. These private systems are not available to the public and are designed strictly for employee communications or communications among particular trading partners of the corporation.
The four most popular public IM systems are currently all in corporate hands: Microsoft, Yahoo, eBay/Skype, and AOL. Actually, we should make that five systems because AOL owns two separate networks, AOL Instant Messenger (AIM) and I seek you (ICQ). Introduced in November 1996, ICQ was actually the first general-purpose IM system combining presence or a list of contacts with the ability to send messages. Other popular systems include the open-source Jabber and Tencent QQ, the latter very popular in China. Estimates vary widely as to the total number of nonduplicated users—because many people have multiple accounts and use multiple systems—but it is safe to say that more than 150 million users are active across all these systems at any moment. The most recent estimates of active users are as follows: 
Why IM Is So Popular for Businesses
But these numbers are more about individuals using IM. They hide the real story over the past several years, the rise of IM as a solid enterprise communications tool. Corporate IM usage has skyrocked the last several years, and one survey has found IM users in more than 50 percent of American corporations . As mentioned earlier, there are public and private IM systems. The vast majority of the private IM systems are for institutional use for communications inside a company or among several suppliers, customers, and other trading partners.
The largest players in the private IM space are Microsoft Office Live Communications Server and IBM/Lotus’ Sametime, although Jabber Corporation (not to be confused with the Jabber Software Foundation) is also gaining a strong following. We will discuss more about the role of open source in a moment, but first let’s examine the reasons why IM has become so popular among so many business users.
First, workers have become more mobile and more difficult to track down. As secretarial support disappears and voicemail becomes more the norm, you want to know when people are actually at their desk—or laptop—these days. Staffs are more far-flung, and the global village becomes a lot smaller when you use IM to “talk” to someone halfway across the planet and get an immediate response. Finding someone who is available requires more than just making a phone call or exchanging e-mail messages. IM automatically tells you who is available—and who is not—at any given hour of the day.
Second, e-mail is no longer the productivity tool it once was because pipes are clogged with spam, viruses, and phishing attacks. Getting a quick response—that is, within minutes—through e-mail now seems so quaint, so “last year.”
Third, IM enables better collaboration and a tighter sense of community. With IM, you can educate an entire team, give the team feedback in real time, develop relationships, and cement the team together. It is a nice antidote and countermeasure to connect all these home-based and remote workers.
Fourth, the next generation of IM is not just about text chats; it also offers solid integration with voice and video. Voice and video calling is now part of Microsoft, Yahoo, Apple, and AOL IM software as well as part of the Skype network, which pioneered the feature. These audio and video extensions are becoming more popular with the private Lotus and Microsoft systems as well.
Finally, the real-time features of IM and its ability to track someone down no matter where they are located are attractive to customers, partners, and suppliers that need a guaranteed method of communication. IM is becoming the critical technology ingredient for corporations that are looking for faster response times, tying their customers closer together, and enabling teleworkers to communicate across the globe.
Following are some definitions and explanations for those unfamiliar with the world of IM. Every IM network is composed of clients, servers, and protocols to connect them.
Each IM client has three major pieces:
The last item bears some further discussion. All major IM products are moving beyond their roots of simple text chats toward more integrated and sophisticated communications, including real-time voice and video calls. Indeed, the mixture of Voice over IP (VoIP) and IM is a potent and popular one, accounting for the rapid uptake in Skype’s adoption around the world. To use Skype as an example (although Yahoo has begun offering similar phone calling features in its IM client, and the others are soon to follow), users can make phone calls to the land-line phone numbers for a few pennies per minute—even calls to numbers in other countries. This is part of its attraction, along with voice mailboxes that are attached to a particular IM username.
The IM server maintains the directory of user accounts and keeps track of who is online, and in most cases routes messages among users. The major difference between an IM server and a Simple Mail Transfer Protocol (SMTP) e-mail server is that the IM server operates in real time, sending messages back and forth between two users as they finish typing a line of text. The servers also pass information in real time as to the availability of various users in the directory, when they come online and change their “status” message.
Users can typically set their availability in one of many different modes:
This status message can be changed at the user’s discretion and is one of the main attractions for teens and other hypercommunicators. You can actually track what people are doing (or at least, saying that they are doing), by monitoring their status messages. (I am at the beach, I am taking a nap, I am at lunch, I am having coffee, and so forth.) For my teenaged daughter, this is one way she documents her life and one way that her friends can keep track of her—having a cell phone is not enough! There are numerous third-party add-ins to enhance your away message with clever graphics, hyperlinks to various Websites, and other effluvia as well.
The combination of instant access and persistent status indicator is at the core of why IM is such a powerful application. In a single window on your computer, you have a list of all your correspondents and can quickly determine who is online and who is not.
The blocking ability for some systems works universally, meaning that your presence is cloaked for everyone, as well as for specific users that you do not wish to communicate with or know your particular status, such as ex-spouses or ex-colleagues.
In most IM networks, you can be signed on from only one computer at any given moment. If you attempt to sign on from a second machine, you get an error message or your first computer is automatically logged out of the system. This is one way for the network to keep track of where you are located, because you can be in only one place at any given time.
Each server uses the TCP/IP Internet infrastructure and communicates with its clients over an assigned port number across the Internet. These ports can be blocked or proxied to different numbers, depending on the network administrator’s policies toward IM traffic. Typical port numbers follow:
Notice an interesting thing about Skype’s protocol: there is no single assigned port number. Users can set one of the ports in its configuration settings, but Skype uses a series of ports to communicate.  This setup suggests several concerns, which we address next.
The Dark Side
Although these are all compelling reasons for the rise of IM across the corporate network, all is not constructive with IM. This section discusses problems specifically germane to Skype and problems with all IM products in general.
When the Skype client is installed on a computer, it picks a random port to communicate with other Skype computers, using what is believed to be a form of Request for Comments (RFC) 3489 . This process is similar to many network-based games and peer-to-peer file-sharing products—no surprise because the developers of Skype worked on the Kazaa music file-sharing software. Because of its programming model, Skype is adept at traversing Network Address Translation (NAT) routers and can usually find a communications path to the outside world. Skype also encrypts all its message traffic, and this fact coupled with random port usage and its peer-to-peer programming model makes it look very similar to some malicious code that is unleashed across your network.
This is part of its charm and its challenge: network administrators who want to block Skype usage usually have a very difficult time figuring out how to do so , and may have to resort to third-party blocking products or clever configurations. One of the papers listed in  shows a way to block Skype using the popular open-source Squid caching proxy: not only do you have to prevent outbound User Datagram Protocol (UDP) connections over port 443, but you also must prevent connections to numeric IP addresses.
Although Skype has its own problems because of the way it is designed, there are several significant drawbacks to widespread adoption and deployment of any IM application. IM is not immune to infections, and just as its popularity is on the increase, so are ways to send malicious payloads and attacks too. What makes matters worse with IM versus say, e-mail, is its very instant nature: an infection can easily spread across a network in a matter of seconds, given that users are logged in, have long lists of users, and tend to think that any message coming from their respondents is more trusted than the average e-mail. In addition, Internet chat has long been a mechanism for controlling large-scale bot-nets of zombie computers, whose owners are unaware of such usage. Numerous virus authors have used exploits in Internet Relay Chat, for example, to control their villains across the Internet.
To avoid these problems, many corporations have either designed their own or are using one of several commercial IM protection products to screen incoming messages for particular patterns and methods of attack. The IM protection products work just like antivirus products work with e-mail messages: they download pattern files on a regular basis from a central server, and perform deep packet inspection across a perimeter to determine what is malicious and what is not.
Each public IM system is an island unto itself: users on one cannot easily communicate with users of another, unless one of two things happens:
But variables are changing on the interoperability scene to make life better for IM users. First, efforts are under way among the major operators to form better relationships with each other:
In October 2005, Yahoo and Microsoft announced plans to introduce interoperability between MSN and Yahoo Messenger by mid-2006, using Session Initiation Protocols (SIPs). In December 2005, AOL and Google announced a strategic partnership deal where Google Talk users can talk with AIM and ICQ users provided they have an identity at AOL.
Second, both Microsoft and Apple have made efforts to include multiprotocol IM clients as part of their desktop operating systems. Apple’s iChat in its latest Mac OS 10.4 Tiger, as an example, now supports AIM, Google Talk, and Jabber. Microsoft has announced plans to support other networks in its next release of Windows Vista, expected later this year.
Finally, the private IM systems of Microsoft and Lotus both support multiple IM protocols, and are widening their support for others, making them more useful for corporations.
Still, with all this activity, the IM interoperability scene is pretty poor: think where e-mail was in the early 1990s with custom-crafted gateways and the like so that an MCIMail user could send messages to a CompuServe user.
Setting up two systems to talk to each other is neither simple nor obvious, and each pair of systems must be done separately. So to add Google Talk to Trillian, a user would need to provide the server host name (talk.google.com) and port number (5222). (By the way, GoogleTalk has the most helpful instructions on how to set up a variety of third-party applications to connect to its servers.)
But that is not all—even if a user follows these instructions to set up cross-system connections, most systems can exchange only plaintext messages. Video and voice chats between disparate systems are not generally supported, although Apple’s iChat has done the best job so far in this arena. And even if users take the multiple-client approach, the structure of their buddy lists is not always maintained and sometimes is presented in a single group of buddies, rather than separated into the groups that were specified when initially setting up the IM account.
The other concern for cross-systems interoperability is a lack of support for privacy or online status. All of the IM systems have the ability to create blacklists, or lists of users that cannot view your online status. These blacklists are not necessarily preserved when running the multiple client systems.
The Rise of Open Source
There is hope on the interoperability scene, however, and that hope is spelled open source. The Jabber group of programmers is growing, and the community is aggressively establishing a more pluralistic IM society. These steps revolve around software using the protocol called the Extensible Messaging and Presence Protocol (XMPP), the IETF’s formalization of the core protocols created by the Jabber open-source community in 1999, and contained in four RFCs [8, 9, 10, and 11].
Jeremie Miller developed the original Jabber server in 1998. Now the project has reached critical mass. Notable is the wide number of different server and client formulations that support XMPP. Jabber. com sells a commercial license, along with a combination of General Public License (GPL)-based licensed servers and other commercial versions. The project has supported the efforts of dozens of client implementations . Last year, support reached a new milestone with Google Talk and more recently the Gizmo Project using these protocols.
Numerous efforts are under way with these clients to extend basic IM functions into new areas, including providing more sophisticated and secure communications, the ability to have multiple identities presented (firstname.lastname@example.org for work colleagues, email@example.com for personal communications) from the same IM client, and support for more interoperable communications between Jabber and private IM systems.
At the heart of XMPP is the Extensible Markup Language (XML) constructs and basic protocols. The core “transport” layer for XMPP is an XML streaming protocol that makes it possible to exchange fragments of XML between any two network endpoints. Authentication and channel encryption happen at the XML streaming layer using other IETF-standard protocols for Simple Authentication and Security Layer  and Transport Layer Security .
Servers can connect to each other for interdomain communications, using the form of address for each user as <user@domain>—similar to SMTP e-mail, and in many cases, the IM address is the same as one’s Internet e-mail address to simplify things.
What is notable about using XMPP is that RFC 3921 also makes it possible to separate the messaging and presence functions if desired (although most deployments offer both). This feature is helpful when building applications-to-applications messaging that does not involve users typing text messages to each other, such as a server sending a network operator an alert when it detects a problem.
The Jabber Software Foundation develops extensions to XMPP through a standards process centered on Jabber Enhancement Proposals (JEPs), similar to the RFC process . Currently, more than 30 active proposals have been developed, extending IM into bookmarks, delayed messaging, and other areas.
What Microsoft Is Doing
Microsoft is heavily involved in the IM scene in three important areas. The company operates one of the larger public IM networks, it includes an IM client as part of its Windows operating system, and it sells a private IM server that has some powerful interoperability features called Live Communications Server (LCS). What does this mean for the IM community? All good things. Microsoft’s MSN and Skype are the more popular IM services outside of North America, and having Skype now a part of eBay is making Microsoft add competitive features such as voice and video chats to its public IM service. Microsoft has actually led the way on IM interoperability with LCS, a fact that can only motivate its competitors to include more pluralist IM offerings of their own. Finally, building in more support for IM in future versions of Windows will help popularize these applications even further.
It was not always this way. Earlier versions of Windows included something called Windows Messenger that was woefully underfeatured and had many bugs. But like so many early Microsoft efforts, technology has improved over time, and now the built-in software that comes with Windows is actually quite competitive with the public IM clients from AOL, Yahoo, and Skype.
Certainly, having Microsoft on one side and open-source efforts on the other is a nice way to encourage development and innovation in the IM arena, and we should expect more here in the future.
Building IM Applications
For most of this article we have addressed the one-to-one aspect of IM. However, IM is evolving into a much more important role, and that is one-to-many communications, and communications between applications instead of actual people. Many vendors have begun selling products in this space, and it is more interesting for several reasons:
First, IM is replacing other means for applications communications. It used to be the case that many network management applications used the Simple Network Management Protocol (SNMP) or SMTP protocols to send out their alerts. Now, many applications are using IM messages and taking advantage of the real-time nature of the protocol.
Second, the origins of IM go back to group chat sessions, so group collaboration tools make sense for new IM applications.
Third, even the closed public IM vendors have begun to open their programming interfaces, making it is easier for corporations to build new and sophisticated applications that are presence-aware, in some cases between two computer programs to communicate their status. AOL this year is one such example of opening its IM application programming interface (API) kimono, and of course Jabber has always been an open system that has helped lead more of these innovations.
One illustration is with the automotive giant Reynolds and Reynolds, which is using Jabber servers to monitor its own software status at the numerous automotive dealerships around the world. The IT department at Reynolds can quickly see if the company’s software is down and take steps to get it working again.
Accredited Home Lenders is using IM to provide its loan brokers a secure and reliable means of communicating in real time with loan specialists to resolve problems with loan applications. And Ecreation built a virtual disk jockey for a Dutch radio station that also broadcasts over the Internet, allowing the station to take requests from listeners around the world through Microsoft’s IM network.
Even traders have embraced IM. NetEnergy has been using IM for the past three years, and now negotiates trades between buyers and sellers of oil contracts using IM, decreasing errors and enabling faster communications.
Finally, IM figures prominently helping deaf and hard-of-hearing users communicate. In the era before IM, deaf users required a telephone relay operator to type the message to them and speak to the hearing callers. Go America has built a gateway to IM for its i711.com Website, so that deaf users can send messages directly to the operator.
We have tried to paint a comprehensive a picture of what IM is and where it is going. Certainly, the amount of messaging traffic using the various IM protocols is impressive, and will continue to grow as these new applications are created and as more people discover the advantages of using IM. In several instances IM has replaced voicemail for most internal communications, particularly at high-tech companies and places where real-time communications is important. Although IM is not without its problems, there are ways to protect networks from infection and abuse.